Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mega Defends Its Security Practices

Posted by Unknown on from the excuses-excuses dept.

Dangerous_Minds writes "Recently, Slashdot posted about how cloud storage company Mega was 'riddled' with security holes. Freezenet points out that Mega has issued a response to some of these criticisms including one which criticized its use of SSL. Mega responded saying that if you could break SSL, you could break things much more interesting than Mega."

6 of 165 comments (clear)

  1. Keep using the old method? by cseg · · Score: 5, Informative

    Encrypt it locally, upload it to the site for storage-only. Maybe use their whatever-it's-an-option encryption as added layer and call it a day. Isn't that how people do with other services like DropBox, anyways?

  2. The biggest security hole by bfandreas · · Score: 5, Informative

    The biggest security hole is the company itsself.
    They have complied in the past and they will so again.
    http://www.wired.com/threatlevel/2012/11/megaupload-investigation-roots/

    Kim Schmitz himself(aka Kim Dotcom, aka Kim Jim Tim Vestor, aka kimble...I kid you not) caved in under pressure from the Feds and ratted out on the German hacker/cracker/warez/phreaker scene. In a double twist of irony he cooperated with Günter Freiherr von Gravenreuth who in turn was a bit of a jackal.
    The self-styled His Royal Highness King Kimble the First, Ruler of the Kimpire was convicted of embezzlement. Which hardly is a hacktivist crime. More of a sleazebag move.
    I wouldn't argue that the Kiwi raid on him wasn't all kinds of wrong. But that doesn't make him trustworthy either. For a cause célèbre I would honestly look elsewhere.
    This guy has shady written all over himself and I'd be careful about trusting him. Especially when entrusting him with evidence for things that carry a hefty penalty(justified or no).

    --
    20 minutes into the future
    1. Re:The biggest security hole by aaaaaaargh! · · Score: 5, Insightful

      Trust is a relative measure. I would trust Mega with storing personal copies of my favorite TV show, so I can e.g. access them on my tablet elsewhere. I wouldn't trust Mega with all my banking details, trade secrets, or highly sensitive government secrets, and would dare to say Mega has not been invented for that purpose...

  3. Re:January 23th by wcrowe · · Score: 5, Funny

    I don't thee that there'th anything wrong with it. It lookth jutht fine to me.

    --
    Proverbs 21:19
  4. Re:That is an ignorant response. by aaaaaaargh! · · Score: 5, Informative

    Mega's response is quite reasonable and not ignorant at all. They adequately address all the incorrect claims and FUD that has been spread about their security, and do so in a timely manner.

    Your response, however, makes less sense. You say: "SSL is fine, however it isn't the end all be all [sic!] in security" Who claimed so? Certainly not Mega. They are a file storage service, not Fort Knox! (The rest of your post has nothing to do with Mega's security, so we can skip that.)

  5. Its not about confidentiality. by jzilla · · Score: 5, Insightful

    The encryption is there for mega to maintain plausable deniabity about copyright infringement. If you want to keep something private don't upload it to mega. The question is not whether the encyrption scheme is sound, but whether it is reasonable in court to expect a company to break encryption (and most likely laws) to ferret out copyright violations.